Recent Discussions
Exchange online - track deleted mail
I am 365 admin and see quite often people rapport "all my mails are in deleted post - and I have done nothing" or similar What is the best practice to investigate that. I know in powershell I have made some auditsearches, where it rapports like softdelete, hardelete etc - but is there any more specific way proving that the user actually did in on his own ? - I know with retention policies it is hard delete - but just wondering what the best practice is like to prove to the user that this is the user. Just write that it is soft deleted and means user have done it, often the user think is not understandable
Retire last Exchange Server but keep directory sync
Hello all -- I'm looking for guidance on the recommended way to retire our last Exchange 2019 server while maintaining directory synchronization in our environment. We do not have any mail flowing through our exchange server, never have. It was only installed 10 years ago for a hybrid deployment. I believe one supported path is to stand up a member server and install the Exchange Management Tools on it. Given that Exchange 2019 is already out of support, is the the long term path moving forward? I've also read about an attribute "IsExchangeCloudManaged". In this scenario, I can set this on a per-mailbox basis and manage attributes such as proxyaddresses, extension attributes, and other non-AD-managed attributes. Is this the more forward path to take? Thinking about our user provisioning process now, we have a PowerShell script that creates the user in AD and connects to our hybrid Exchange server to Enable-RemoteMailbox. In this scenario, we would still create the user in AD, wait for the sync to happen, then enable the IsExchangeCloudManaged. Would this now provide the ability to manage additional addresses, or even, shared mailboxes without having to migrate from AD --> EXO - all while keeping AD in sync with cloud mailboxes? Am I thinking about this correctly? Thanks for any insight sbExchange Online PowerShell Dumps the Credential Parameter
On February 12, Microsoft announced the deprecation of the Credential parameter for the Connect-ExchangeOnline cmdlet in the Exchange Online PowerShell module. The deprecation won’t affect interactive sessions (which should all be protected by MFA), but it might stop some background jobs running when Microsoft retires the server components that currently support the ROPC authentication flow. Time to check scripts! https://office365itpros.com/2026/02/16/exchange-online-powershell-ropc/Exchange 2019 Certificate Error
Hello guys, I plan to migrate my users on Exchange 2019, currently, i have 2 Exchange 2013 servers. As soon as i installed the exchange Server 2019, I changed all the virtual directories and i also runned the command to make sure the users doesn't connect on the new server. But now every users who uses Microsoft Outlook from the environment have a pop up that says that the certificate is not valid, and its normal because I can't apply the services SMTP and IIS on my wildcard certificate. Indeed, when i enable the services SMTP and IIS on my new certificate, it doesn't apply. I tried to enable from the ECP, it says "Are you sure you want to replace the existing certificate", when i say yes, it doesn't change anything, the smtp service is still unchecked. I also tried to stop IIS and restart IIS, restart the server but it doesn't changed anything, and I also tried to enable the services directly with the powershell command with the correct thumbprint of the wildcard certificate as it is said on the event viewer : "Enable-ExchangeCertificate -Server "EX01-2019" -Thumbprint A6BC992FDD... -Services SMTP,IMAP,IIS -Force" But it still don't work, when i check the certificate, only the service IIS is active. I had to uninstall completely the exchange server, because users were complaining about the pop up. Have anyone faced this problem before? Thank you very much for your advices guys
Exchange 2010 to Microsoft 365 Migration – Recommended Approach and Tools
I’m looking for guidance on migrating Exchange 2010 (on-premises) to Microsoft 365 / Office 365. Is a direct migration from Exchange 2010 supported, or is an intermediate hop (such as upgrading Exchange or setting up a hybrid configuration) required? Additionally, could you please recommend any reliable tools that can help with this migration? I also have a few PST files that need to be migrated as part of the process. I’d appreciate insights on best practices, common challenges, and lessons learned from real-world migrations. Thanks in advance for your help.The Final Countdown to Remove EWS from Exchange Online Begins
Microsoft announced the dates leading to the final retirement of Exchange Web Services from Exchange Online. If all goes well, the EWS retirement in the cloud will happen by May 2027. Challenges still exist. Microsoft must remove EWS from its own apps, including Outlook, and help tenants and ISVs make the leap to Graph APIs. Plans are in place and progress is being made, but will everyone be ready when Microsoft starts to remove EWS permanently from Exchange Online in April 2027? https://office365itpros.com/2026/02/06/ews-retirement-may-2027/
OWA “Manage Add-ins” Stuck Loading After Clicking Settings (Exchange 2019 CU15 / Exchange SE RTM)
I have an Exchange Server environment with three versions: Exchange Server 2019 CU14 Dec25SU, Exchange Server 2019 CU15 Sept25H, Exchange Server SE RTM, and Exchange Server SE RTM Dec25SU. Issue: When users click the Settings icon/button in OWA/Outlook on the web and then click Manage add-ins, the page does not redirect and remains stuck on an external loading screen. Tested environments: Exchange Server 2019 CU14 Dec25SU: Works without issues Exchange Server 2019 CU15 Sept25H, Exchange Server SE RTM, and Exchange Server SE RTM Dec25SU: Does not work on any of them Troubleshooting performed: Moved all arbitral mailboxes to a database on Exchange Server SE RTM Dec25SU (the most recent version in the forest). (No success) Migrated all servers to Exchange Server SE RTM Dec25SU. (No success) Isolated testing using the hosts file (DNS) pointing to each host individually, and all hosts have the issue. All SE RTM Dec25SU servers were installed in admin mode via Command Prompt. I also ran the two .ps1 scripts below on a test host after installing the SU: #learn.microsoft.com/en-us/troubleshoot/exchange/client-connectivity/owa-stops-working-after-update cd "C:\Program Files\Microsoft\Exchange Server\V15\Bin" .\UpdateCas.ps1 .\UpdateConfigFiles.ps1 iisreset /restart Workaround: With the user already authenticated, if I manually open the URL below in the same authenticated session, it loads normally: webapp.mydomain.com/owa/#path=/options/manageapps Does anyone know how to fix this, or if this is a bug that started with CU15 (or a later SU)?Report for email reply time for shared mailbox
Hi All, i am looking to crate report for management for our KPI. Management want to to know how quick teams are replying to email once it's landed to mailbox. Also, average reply time for the particular mailbox for a day or week or month. if nay one know how to achieve this please let me know it will be grate help. Thanks, PreyashMicrosoft Previews userConfiguration Graph API
A new userConfiguration API is available to retrieve data from Folder Associated Items (FAIs) in Exchange mailboxes. The new Graph API is part of the EWS migration project and is intended to allow application developers to migrate EWS code that updates FAIs with Graph equivalents. Most Microsoft 365 tenants will never use this API, but it’s nice to know how things work. https://office365itpros.com/2026/02/05/userconfiguration-api-beta/Microsoft Delays Retirement of Basic Authentication for SMTP AUTH
Microsoft has delayed the retirement of basic authentication for the SMTP AUTH client submissions protocol to 2027 or beyond. New tenants will be the first to be blocked and Microsoft will disable basic authentication for SMTP AUTH in a way that existing tenants can reenable the protocol. Eventually, we’ll get a date for final retirement sometime in 2027. These things take time! https://office365itpros.com/2026/01/29/smtp-auth-basic-retirement/M365 tenant emails marked as spam (SCL:5, CAT:PHISH) despite perfect authentication
Hello, Our business emails from our M365 tenant are consistently marked as spam when sent to other M365 tenants, despite perfect email authentication. Technical status: - SPF: Pass ✓ - DKIM: Pass ✓ (recently enabled) - DMARC: Pass ✓ (recently enabled) - Composite Authentication: Pass (reason=100) ✓ But messages are still marked as: - X-MS-Exchange-Organization-SCL: 5 - X-Forefront-Antispam-Report: CAT:PHISH;SFV:SPM We suspect a tenant reputation issue, possibly because the tenant ran for months without DKIM enabled. Now that all authentication is correct, how can we request a reputation review? Thank you!Using the Exchange Online Message Trace API
January 22 saw the announcement of the beta version of an Exchange Online Graph-based message trace API. The API can retrieve message trace records and their details and offers equivalent functionality to the message trace cmdlets in the Exchange Online management PowerShell module. However, sometimes applications simply want to access data without going through a module, and that’s what this API delivers. The article includes a complete PowerShell script to demonstrate how to use the API. https://office365itpros.com/2026/01/27/message-trace-api/
Keep user account but provision new empty mailbox
i did ask in another forum but thought i would ask here as it seems impossible... we are hybrid exchange. We have litigation hold and purview retention policies in place. We have a scenario where an existing user is moving to a new role and her existing mailbox needs to be dissociated from her AD account and a new clean mailbox provisioned. The original mailbox needs to stay as inactive and searchable via ediscovery. Is it possible? I have asked AI and its said: Make sure all the holds and retention policies are in place Move the AD account to a non-syncing OU and run a delta sync The mailbox should show as inactive in exchange online Then it tells me to run Set-User <UserUPN> -PermanentlyClearPreviousMailboxInfo but ONLY if the recipient type shows as MailUser or User This is where i am stuck as it is still UserMailbox. It told me to restore the cloud only object which i did. But it still shows as RecipientType = UserMailbox when i check. Its now just a cloud only account, it has no license. The mailbox is inactive but its still a UserMailbox Is what i am trying to do possible? Would now just changing the cloud only account to have a new email address be the only way to retain it and then sync back the on-prem account?DMARC rejection after Exchange upgrade
I'm having problems with inbound emails getting bounced as Undeliverable due to DMARC rejection. For many years I've had my email come through Fasthosts / Livemail to my own domain (qts.org.uk) with catch-all forwarding set to forward everything to my GMail account. Just recently Fasthosts have upgraded their servers to Exchange and I've started getting DMARC rejections from GMail which start Diagnostic information for administrators: Generating server: exchange2019.livemail.co.uk Total retry attempts: 1 (my gmail email address) t1-hex-xprelay.gem.livemail.co.uk Remote Server returned '550 5.7.26 Message rejected by DMARC policy by gmail.com. Please use your own email address as the sender, instead of (sender's email address). [MSG0009]' Which bounce from Fasthosts / Livemail back to my GMail address. My own domain has SPF, DMARC, and DKIM configured I've done a little digging and it appears to only affect senders from originating domains with DMARC set to reject. So either GMail has coincidentally become much more strict (possible) or Fasthosts are somehow failing to forward emails fully transparently. I have spoken to Fasthosts and logged the issue with them and was not impressed so I hope the experts here can offer a solution I can forward to them.Teams calendar for exchange on prem users not working
Hello I am having issues to make Exchange On prem users use Calendar on teams. Initially Client autodiscover was blocked externally but they added a cname and open flows but I am still having issues to makecalendar on teams work HCW as passed and new hybrid dedicated app was used any help is welcomeModern Auth EWS error 50199 when signing from Crestron Touchpanels
Good Afternoon, All I am having a difficult time nailing down this issue. I have a few Crestron TTS-770s that were, up to last week, working correctly by pulling Calendars data with EWS. They were configured with a service account signed into EWS using 'modern authentication'. This week, these panels have disconnected and report that 'Needs to be authorized' as the EWS status. I have verified that CA is not blocking sign in, the account is excluded from MFA policies, and is correctly licensed for Exchange Access. We do not use Intune for device management. When I attempt to re-register the device, I follow the prompts until I am prompted to close the browser window; The device spins, then fails to connect with the status above. I have attempted this with the service account and my own Admin account with MFA, to the same result. Entra Enterprise Apps Sign-in logs show a 'Successful' entry, then immediately after, a 'Failed' entry with an error '50199'. I had not made changes to any of the URIs before initial failure, and any additional entries or changes do not change the results of the error. Initial URI was configured to 'https://app.noop' (no idea, was configured before I got here, and I hadn't needed to change it), I have attempted combinations of our Tenant URI, ' https://login.microsoftonline.com/common/oauth2/nativeclient', and other 'fixes' I had found while GTS-ing. I additionally have set my 'legacy authentication' and 'legacy applications' CA polices to read-only for troubleshooting. I am working to disable OAuth2ClientProfile on Exchange Online temporarily for troubleshooting. Does anyone have any ideas? Please let me know if any additional information is needed, or if needed to post in another location. Thank YouTeams delegation permission issue with Onpremise Exchange Server
we have migrated the exchange server from 2019 to SE Environment and configure the OAuth 2.0 which is working perfectly but there is one issue that one of the user is using Shared calendar but while he create the meeting invite along with Teams meeting option then everytime it shows an error "please login into the meeting" If anyone works on this case please guide or help us. Thanks
Recent Blogs
- We wanted to share some tips on how to find out details of EWS usage in your tenant.Feb 23, 2026
- We’re excited to share that Multi-Geo In-Region Routing reached General Availability in December 2025.Feb 13, 2026
